initial commit

setup-server.sh

@@ -0,0 +1,148 @@
+#!/usr/bin/bash
+
+# Note: This is post installation
+
+INSTALL_LOG=~/server-setup.log
+
+if [[ ! -f ~/utils/logging.sh ]]; then
+	alias log="echo"
+else
+	. ~/utils/logging.sh
+fi
+
+# Making sure user is running this as root
+if [[ ! "$USER" == "root" ]]; then
+	echo "You are not root. Please either switch to root with (su -l) or login as root and rerun this script"
+	exit 1
+fi
+
+
+# Updating repo metadata & package db
+# (-y) just means assume yes (for package download and updates)
+apt update -y && apt upgrade -y
+
+# These are the packages needed for setting up the server for my PHP application
+declare -a needed_packages=(
+	# Webserver packages
+	firewalld
+	apache2
+	php
+
+	# Check packages
+	bind-utils
+)
+
+
+# Start Firewall Setup
+
+# Setting up the rules for the webserver
+firewall-cmd --zone=public --add-service=http  --perm
+firewall-cmd --zone=public --add-service=https --perm
+
+# Setup rules for SSH server (omitting from repo-commit for obvious reasons)
+###Do SSH Rule setup###
+# End Firewall Setup
+
+
+# Wildcard SSL Cert installation
+# This will be uploaded seperately, as I do not want to share my certs with the world (this is just the bulk sum, I will be installing a complete encompassing certfile).
+CERTS_ARCHIVE=~/tristan-ancelet-certs.tar
+if [[ -f $CERTS_ARCHIVE ]]; then
+	mv $CERTS_ARCHIVE /etc/
+	cd /etc
+	tar xf $CERTS_ARCHIVE
+	[[ $? -eq 0 ]] && rm $CERTS_ARCHIVE
+else
+	log "Cert archive was not found. Installation will continue, but site will not work. Please install the ssl certs manually"
+fi
+
+CERT=~/tristanancelet-cert.pem
+if [[ ! -f $CERT ]]; then
+	cp $CERT /etc/apache2/apache.pem
+fi
+
+# App Location
+WebAppLocation=/opt/WebCron
+# The IP or IPs that will have access to the web app.
+ALLOWED_ACCESS_CONFIG=""
+
+
+# Begin apache2 config
+
+# 
+a2enmod ssl
+a2enmod php
+# Since I will be using Apache2.4*
+a2enmod authz_core
+
+
+IP_REGEX='[1-9][0-9]?[0-9]?\.[1-9][0-9]?[0-9]?\.[1-9][0-9]?[0-9]?\.[1-9][0-9]?[0-9]?\.'
+if [[ ! "$ALLOWED_ACCESS_CONFIG" =~ ^$IP_REGEX$ ]]; then
+	log "The configured IP ($ALLOWED_ACCESS_CONFIG) did not match the format of an IP. Please fix the mistake and rerun this"
+	exit 1
+fi
+
+echo "
+# Redirecting all http traffic to https
+<VirtualHost *:80>
+        ServerAdmin webmaster@tristanancelet.com
+        ServerName webcron.tristanancelet.com
+	Redirect permanent / https://webcron.tristanancelet.com/
+</VirtualHost>
+
+<IfModule mod_ssl.c>
+	<VirtualHost *:443>
+		ServerAdmin webmaster@tristanancelet.com
+		ServerName webcron.tristanancelet.com
+		DocumentRoot /opt/WebCron
+
+
+                ErrorLog \${APACHE_LOG_DIR}/webcron-error.log
+		CustomLog \${APACHE_LOG_DIR}/webcron.log combined
+
+		<Directory $WebAppLocation/>
+			Require ip $ALLOWED_ACCESS_CONFIG
+			SSLOptions +StdEnvVars
+		</Directory>
+
+		SSLEngine on
+		SSLCertificateFile    /etc/apache/apache.pem
+		SSLCertificateKeyFile /etc/apache/apache.pem
+
+		<FilesMatch "\.(cgi|shtml|phtml|php)$">
+				SSLOptions +StdEnvVars
+		</FilesMatch>
+	</VirtualHost>
+</IfModule>" > /etc/apache2/sites-available/web-cron.conf
+
+
+a2ensite web-cron
+
+[[ $? -ne 0 ]] && log " There was an error when enabling the site, please read the error message, that was provided from the a2ensite command"
+# End apache2 config
+
+
+# Begin Post-Setup tests
+
+## Checking that the A record for webcron.tristanancelet.com has been installed/configured on my DNS server
+echo Doing post setup tests
+
+echo "
+Checking for DNS A record for this site
+
+"
+WebCronDNSLookupIP="$( dig webcron.tristanancelet.com +short | tail -n 1)"
+if [[ ! "$WebCronDNSLookupIP" == *$(hostname -i)* ]]; then
+	echo "DNS A record check: Fail
+	
+Reason:
+An a record for webcron.tristanancelet.com doesn't exist
+
+"
+else
+	echo "DNS A record check: Pass
+
+"
+fi
+
+# End Post-Setup tests